Early this morning we discovered that someone had managed tocompromise gluck.debian.org. We've taken the machine offline and arepreparing to reinstall it. This means the following debian.orgservices are currently offline: cvs, ddtp, lintian, people, popcon, planet, ports, release
—–BEGIN PGP SIGNED MESSAGE—–Hash: SHA1

Hi,

Early this morning we discovered that someone had managed tocompromise gluck.debian.org. We've taken the machine offline and arepreparing to reinstall it. This means the following debian.orgservices are currently offline:

cvs, ddtp, lintian, people, popcon, planet, ports, release

Based on the results of our initial investigation we've locked downmost other debian.org machines, limiting access to DSA only, untilthey can be fixed for what we suspect is the exploit used tocompromise gluck.

We're still investigating exactly what happened and the extent of thedamage. We'll post more info as soon as we reasonably can.